Method and device for transmission of entitlement management messages

ABSTRACT

A method for transmitting entitlement management messages (EMM) controlling access to data and/or services to be provided to plural terminals in a data exchange network. The method, at the transmitting side: defines a set of EMM type messages as a function of at least one criterion representative of a type of data and/or services provided; defines plural types of logical transmission channels and associates at least one parameter to each type of channel to inform terminals of the EMM types transmitting on each described logical channel; assigns at least one channel among the defined logical transmission channels to each EMM message type; transmits the parameter and the logical channels to each terminal; multiplexes the logical transmission channels in the same data stream; and transmits the data stream to terminals. In the method, on reception each terminal filters incoming EMMs as a function of the parameter and at least one state parameter depending on a routine operation of the terminal.

TECHNICAL DOMAIN

The domain of the invention is transmissions of scrambled data and/orservices to a plurality of terminals connected to a data exchangenetwork and is particularly applicable to a method for transmission ofEntitlement Management Messages (EMM) controlling access to these dataand to these services and a device designed to implement the method.

STATE OF PRIOR ART

With the development of data exchanges through open networks such as theInternet network, the security of exchanges becomes increasinglyimportant in activities of operators and service providers. Thissecurity has several essential purposes:

-   -   to prevent transactions made through the network from being        intercepted;    -   to assure integrity of data, in other words to determine if the        transmitted data has been corrupted during the communication;    -   to enable authentication, in other words to assure the identity        of the correspondents of a transaction, and confidentiality        consisting of making information unintelligible to persons other        than persons involved in the transaction.

Authentication is achieved by access control that only enablesauthorised persons to access resources.

In the encrypted audiovisual programs broadcasting field, the DVBstandard defines a Common Scrambling Algorithm (CSA), but does notinclude anything about access control, leaving operators and serviceproviders free to define their own systems.

However, the DVB standard does include transport of access control datathat are retrieved on reception using data descriptors in a ConditionalAccess Table (CAT) inserted in the MPEG transport multiplex, and bymeans of other private data packets indicated using data descriptors ina Program Map Table (PMT) that contains Packet Identifier (PID) numbersfor each coded program component in the form of an MPEG PacketizedElementary Stream (PES).

In general, information necessary for descrambling is transmitted inspecific access control messages called Conditional Access Messages(CAM) that include at least one Entitlement Control Message (ECM) andone Entitlement Management Message (EMM).

These conditional access messages are generated from at least threeinput data:

-   -   a Control Word (CW) designed to initialise the descrambling        sequence;    -   a Service Key used to encrypt the control word for a group of        one or more users;    -   a User Key, used to encrypt the service key.

ECMs depend on the control word and service key, while EMMs depend onthe service key and the user key.

ECMs and EMMs are transmitted periodically and continuously to terminalsto be sure that users receive them.

On reception, the principle of encryption is to find the service keyfrom the EMMs and the user key contained in a security processor, forexample a smart card. The service key is then used to decrypt ECMs inorder to find the control word used to initialise the descramblingsystem.

In known access control systems, EMMs are transmitted in sequence, withno priority or order, independently of the specific functions of eachtransmitted EMM message. However, the different EMMs do not necessarilyconcern the same data or the same services, and consequently are notsubjected to the same transmitting constraints. EMMs may be distributedin three large families that differ in their functions and in theirtransmission conditions. For example:

-   -   messages related to the contract between the subscriber and the        operator, for example such as a subscription to a service for a        determined duration. In this case, EMM messages are permanently        transmitted throughout the period of the subscription. This        transmission represents a very large data stream, but which must        be maintained to assure that data are received by the        subscriber;    -   so-called dynamic messages that correspond to an immediate need        of the subscriber, for example such as a purchase of a session        or an event;    -   technical management messages for the security processor decided        upon by the operator in agreement with the subscriber.

Transmission of these EMM messages in sequence with no priority or ordergenerates a long cycle time, varying from site to site, and causing along waiting time at the subscriber. Furthermore, the mix of messageswith different natures and degrees of urgency causes a non optimisedoccupation of the pass band.

The purpose of the invention is to overcome the disadvantages describedabove.

PRESENTATION OF THE INVENTION

The invention proposes a method for transmission of entitlementmanagement messages (EMM) controlling access to data and/or servicesprovided to a plurality of terminals in a data exchange network,characterised in that it comprises the following steps:

At the transmission side:

-   -   defining a set of EMM type messages as a function of at least        one criterion representative of the type of data and/or services        provided;    -   defining a plurality of types of logical transmission channels        and associating at least one parameter (STREAM_TYPE) to each        type of channel to inform terminals of the EMM types transiting        on each described logical channel;    -   assigning at least one channel among the defined logical        transmission channels to each EMM message type;    -   transmitting the (STREAM_TYPE) parameter and the said logical        channels to each terminal;    -   multiplexing the logical transmission channels in the same data        stream;    -   transmitting the said data stream to terminals;    -   and on reception:    -   each terminal filters incoming EMMs as a function of the        (STREAM_TYPE) parameter and at least one state parameter        depending on the routine operation of the terminal.

Preferably, the (STREAM_TYPE) parameter is transmitted to each terminalin a dynamic data structure representing a logical control channel.

According to one preferred embodiment, the dynamic structure istransmitted in an encrypted EMM and comprises at least one of thefollowing fields:

-   -   a first field (EMM_XID) that will enable the terminal to        identify the logical channel described by the structure;    -   a second field (Version_Number) that will inform the terminal        about a change to data and/or a change to the dynamic structure        corresponding to transmission of the said new data on the        described channel such that the terminal adapts its filtering to        retrieve the said new data;    -   a third field (Listen_time) designed to inform the terminal        about a listen time on the described channel.

The said third field (Listen_time) may represent either a minimum fixedduration, or a minimum variable duration, sufficient to enable theterminal to retrieve the transmitted messages.

In one embodiment, the types of defined logical channels comprise atleast:

-   -   a FAST channel for transmitting EMM messages to terminals that        expressly requested these messages;    -   a DEDICATED channel for transmitting EMM messages with identical        functional objectives;    -   a NORMAL channel designed to transmit EMM messages for which the        contents are not predictable and may not be delayed in time;    -   a DELAYED channel for transmitting non-urgent EMM messages with        various functional objectives, to terminals;    -   a LOAD SHEDDING channel for retransmitting messages that have        already been transmitted on a channel other than the DEDICATED        channel, to terminals.

Preferably, the minimum variable duration for the FAST, NORMAL, DELAYEDand DEDICATED channels is estimated as a function of the repetition rateat which EMM messages are sent.

In one example application of the process according to the invention,the data and/or services provided to terminals represent multimediaprograms.

In another example application, the data and/or services provided toterminals represent audiovisual programs.

In both types of applications, EMM messages are encapsulated in MPEGformat and are transmitted either in broadcast mode or in connectedmode. Apart from the contents of the EMM, the MPEG payload unitsobtained contain at least the following private information:

-   -   EMM_XID representing the identifier of the EMM;    -   LG_EMM representing the length of the EMM.

The method according to the invention is then used by a devicecomprising:

-   -   means for defining a set of EMM message types as a function of        at least one criterion representative of the type of data and/or        services provided;    -   means for defining a set of types of logical transmission        channels as a function of the contents to be transported on each        channel;    -   means for assigning a logical transmission channel to each type        of EMM message;    -   means for multiplexing logical transmission channels in the same        data stream;    -   means for transmitting the said data stream to terminals, and    -   means for filtering EMMs incoming into a terminal, as a function        of defined channel types.

In the preferred embodiment of the invention, the device comprises:

-   -   means for associating at least one parameter (STREAM_TYPE) to        each channel type, designed to inform terminals about EMM types        transiting on each of the described logical channels;    -   means for transmitting the (STREAM_TYPE) parameter to each        terminal;    -   means for enabling each terminal to filter incoming EMMs as a        function of the (STREAM_TYPE) parameter, and at least one status        parameter reflecting routine operation of the terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

Other characteristics and advantages of the invention will become clearfrom the following description given as a non-limitative example withreference to the attached figures in which:

FIG. 1 diagrammatically illustrates a system in which a device fortransmission of entitlement management messages (EMM) according to theinvention is used;

FIG. 2 shows a functional diagram of the device according to theinvention;

FIG. 3 diagrammatically shows a method of communication between an EMMmessage generator and a multiplexer according to a preferred embodimentof the invention.

FIG. 4 diagrammatically illustrates EMM encapsulation in an MPEG payloadunit according to one example embodiment of the invention.

DETAILED PRESENTATION OF PARTICULAR EMBODIMENTS

The following description relates to a particular application of themethod according to the invention in a system for distributingaudiovisual programs to several subscriber terminals connected to a dataexchange network, for example such as the Internet network, or to aprivate program broadcasting network.

This system enables a first set 2 of subscriber management systems SMSarranged at a commercial operator, for example to communicate through asecond set of subscriber entitlement management systems 6, with a thirdset for transmission of entitlement management messages (EMM) 4.

Each subscriber is provided with a decoder 8 and a security processor inwhich entitlements are registered.

The third set 4 comprises a first module 10 denoted as B-SAS (BroadcastSubscription Authorisation System) in the remainder of this description,for the organisation and broadcasting of EMMs in accordance withdirectives output by equipment in the first set 2. The first B-SASmodule 10 communicates firstly with equipment in set 6, and secondlywith a second multiplexing module MUX 12 connected to a third module 14broadcasting EMMs to the decoder 8.

The set 6 of equipment for transmission of entitlements to subscriberscomprises a first equipment SAS 16 for technical management of securityprocessors and entitlements, and a second STB-MS equipment 18 formanagement of subscriber terminals.

The function of the first SAS equipment 16 is to express servicerequests originating from SMSs 2 from different operators as EMMmessages that can be processed by the security processor or the terminaland transmit them to the B-SAS module 10 for transmission to subscriberterminals in broadcast mode, or to an I-SAS module 17 to distributethese EMMs in connected mode. The first SAS equipment 16 also enablesrequests to be made from the B-SAS module 10 for adding, sending andreplacement of EMMs to terminals, and requests to delete an EMM send.

The second STB-MS equipment 18 also enables SMS equipment 2 to defineand maintain subscriber terminal characteristics.

The second STB-MS equipment 18 also enables requests to be made from theB-SAS module 10 for adding, sending and replacement of EMMs toterminals, and for cancelling sending EMMs. This STB-MS equipment canexpress service requests originating from SMSs 2 from the differentoperators as messages that can be processed by the security processor orthe terminal and transmit them to the I-SAS module 17 to distributethese EMMs in connected mode.

The decoder 8 located at the subscriber contains the security processorin which subscriber entitlements are recorded, and its function is toprocess EMM messages contained in the broadcast stream in a knownmanner, and to manage an MMI (Man-Machine Interface) presented to thesubscriber and to dialogue with the subscriber's security processor andwith the server of a technical operator.

FIG. 2 shows a detailed functional diagram of the B-SAS module 10. Thismodule comprises a first block 20 intended to collect messagesoriginating from the first SAS equipment 16 or the second STB-MSequipment 18, a second block 22 intended to manage queues, a third block24 intended to manage broadcasting of EMMs, a fourth block 26 controlledby an administrator intended to define system configuration information,and a fifth supervision block 28 intended to collect technical andapplication information on the system.

Messages collected by the first block 20 may be requests to add EMMs, toreplace or delete EMMs by means of an application protocol such asTCP-IP, CORBA, HTTP+XML, RMI or a proprietary protocol.

Definition of EMM

The device and the process according to the invention are used to definea set of EMM message types as a function of at least one criterionrepresentative of the type of data and/or services provided. To achievethis, the input side SAS equipment 16 and STB equipment 18 request thatan EMM should be inserted in a cycle, specifying broadcasting methods(Transmission model reference, EMM broadcast start and end date) and theEMM description (header structure, header size, EMM contents).

Before broadcasting EMMs, a plurality of types of logical transmissionchannels are defined by a (STREAM_TYPE) parameter that will informterminals about EMM types transiting on each of the described logicalchannels. This parameter (STREAM_TYPE) is transmitted to each terminalin the form of a dynamic data structure representing a logical controlchannel comprising at least one of the following fields:

-   -   a first field (EMM_XID) for enabling the terminal to identify        the logical channel described by the structure,    -   a second field (Version_Number) for indicating a change in the        dynamic structure to the terminal. This change signals to the        terminal that new data are transmitted on the described channel        such that the terminal can adapt its filtering to retrieve these        new data;    -   a third field (Listen_time) for informing the terminal about a        listening time on the described channel.

A logical channel is a sub-part of a stream identified by a PID in thebroadcast signal. The definition of such logical channels provides ameans of multiplexing them within the same stream in which EMMstransiting on the same channel have the same EMM_XID identifier. Thus onreception, the terminal can filter input EMMs on a stream and onlyselect EMMs from one or several particular channels. To achieve this,the terminal filters input EMMs by setting a mask on the data streamheader.

In one particular embodiment, the size of the EMM_XID identifier is 8bits, so that up to 8 EMM channels can be multiplexed within a stream byassigning one bit per channel.

The B-SAS module 10 has technical characteristics related to thetransmission models that it uses to determine the EMM broadcastingchannel, to assign at least one channel among the defined logicaltransmission channels to each type of EMM message. Differences in thebroadcast start date and end date are determined for each model. Thedefined logical channels are multiplexed in a same data stream and arethen transmitted to terminals.

Add an EMM

When a request is made to add an EMM, the B-SAS module 10 performs thefollowing processing:

-   -   ### Syntactical analysis of the request,    -   ### Check that the transmission model actually exists,    -   ### Check that the broadcast dates are consistent,    -   ### Check that the EMM identifier is valid,    -   ### Update the database,    -   ### Switch the EMM to the queue management block 22,    -   ### Error management (equipment overload, etc.),    -   ### Acknowledge the request.        Replace an EMM

The SAS equipment 16 or the STB-MS equipment 18 on the input side canrequest that an EMM should be replaced in a cycle by specifying theidentifier of the EMM to be replaced. This message may for example beused by the first SAS equipment 16 to enrich the population targeted byan EMM in the context of a registration to a commercial offer.

When a request is made to replace an EMM, the B-SAS module 10 performsthe following processing:

-   -   ### Syntactical analysis of the request,    -   ### Check that the transmission model actually exists,    -   ### Check that the broadcast dates are consistent,    -   ### Check that the identifier of the EMM to be replaced is        valid,    -   ### Check that the identifier of the new EMM is valid,    -   ### Update the database,    -   ### Switch the EMM to the queue management block 22,    -   ### Error management (equipment overload, etc.),    -   ### Acknowledge the request.        Delete an EMM

When the request to delete an EMM is received, the B-SAS module 10performs the following processing:

-   -   ### Syntactical analysis of the request,    -   ### Check that the EMM identifier is valid,    -   ### Update the database,    -   ### Delete broadcast of the EMM on the associated channel,    -   ### Error management,    -   ### Acknowledge the request.

Note that even if the B-SAS module 10 alone manages deletion of EMMs atthe end of the validity period, SAS equipment 16 or STB-MS equipment 18may explicitly delete a broadcast EMM.

Queue Management

The B-SAS module 10 must be able to satisfy constraints, particularlyterminal constraints, and at the same time offer a regular servicequality. To achieve this, the second block 22 can:

-   -   ### organise broadcast EMMs so that the terminal can take them        into account;    -   ### control the speed of EMM channels on a transponder. This        speed is usually of the order of 50 to 500 kbits/second;    -   ### program broadcasting of some express EMMs in a very short        time;    -   ### program broadcasting of some EMMs for a sufficiently long        time so that they can be processed by all terminals;    -   ### switch EMMs that are not urgent to message queues with        different characteristics, and organise these queues or logical        channels such that the EMM speed is acceptable for a terminal.        Description of Defined Channel Types

In one preferred embodiment of the invention, the types of definedlogical channels comprise a FAST channel, a DEDICATED channel, a NORMALchannel, a DELAYED channel and a LOAD SHEDDING channel.

The FAST channel is used in cases in which the terminal is known to belistening to this channel at the time that an EMM concerning it isbroadcast. The most frequently used is broadcasting of specificentitlements to an interactive service at the request of the terminal toa service provider. It may also be used when requested by a user. EMMsare repeated on this fast channel a given number of times, with atimeout between each send, and are then eliminated from the broadcast.If the number of messages in the queue is too large, the cycle time ofthe channel approaches the limiting value of the guaranteed servicequality.

The DEDICATED channel transports EMMs for which the characteristics areidentical. Two types of EMMs are identified to make up dedicatedchannels: entitlement renewal EMMs and key change EMMs.

Each dedicated channel is regulated independently of the other channels,either for organisation of the broadcast or to respect the speedallocated to the channel. Only fast channels can interrupt theiroperation.

The NORMAL channel is necessarily present and is used to send arbitraryEMMs. It transports almost all messages necessary to the subscriber forhis permanent use (management of the security processor, private data,etc.).

During operation, the terminal listens to this type of channel duringthe time specified in the channel description or when subscriberdescription is changed. This listening may be permanent.

The DELAYED channel is only periodically present in the stream. It isused to send EMMs that are capable of accepting delayed processing suchas technical management EMMs for the security or information processor.The terminal will read this channel occasionally when provoked by achange in the channel version number.

The LOAD SHEDDING channel is used to unload other logical channels thathave already been broadcast during several cycles and that in many caseshave been taken into account by the terminal. EMM broadcast methods arespecified in the transmission model. The terminal starts listening tothis channel when the terminal is switched on or when the channelversion number is changed.

According to one preferred embodiment of the method, a control channel,also called the O channel, transports an encrypted description EMM toterminals, containing a description of the technical characteristics oflogical channels sharing the same PID. This description EMM is generatedby the B-SAS module 10 as a function of configuration parameters, andthe contents to be transported on the channels.

When the description EMM is received, each terminal positions itself onthis channel 0 in order to retrieve and analyse the description todetermine which logical channels should be listened to, and under whatconditions. Each terminal will calculate filtering criteria as afunction of the result of the analysis of descriptions.

Broadcast EMMs must satisfy the following constraints:

The EMM broadcast period must be valid.

-   -   for an EMM broadcast on a FAST channel, the maximum number of        broadcasts must not be reached;    -   for an EMM transported on other types of channels, the broadcast        start date must be between the specified broadcast start date        and end date.

Scheduling of sending EMMs enables the terminal to pick up all EMMs inthe stream in a minimum number of cycles.

To satisfy this constraint, an algorithm called a random broadcastalgorithm organises sending EMMs by putting EMMs to be sent in abroadcast cycle, into a random sequence.

The timeout between two EMMs transported on the control channel (channelo) must be at least 100 ms.

Management of EMM Broadcasts

In the example embodiment described, the definition of broadcastingresources and management of EMM broadcasts comply with the EMMG/PDGprotocol, part of the ETSI standard TS 103 197 “Head-End implementationof DVB simulcrypt”. This protocol includes use of the “channel” and“streams” as they are denoted in the remainder of this description, todialogue with the MUX multiplexing module 12.

Management of “Channels” and “Streams”

As shown diagrammatically in FIG. 3, communication between an EMMmessage generator 30 and a MUX module 12 is carried out through asuper-channel 34 identified by a client_id identifier identifying theconditional access system and that can be personalised by the operator.

The B-SAS module 4 sets up one “channel” 32 per operator or per group ofoperators, that enables the creation of one or several streams 34identified by a stream_id (Stream_id 1, Stream_id 2, etc.) that areunique within the channel. A stream 34 is composed of a control channeland a data channel on which EMMs transit in MPEG2 TS packets. The datachannel may make use of TCP/IP protocols or UDP/IP in broadcast mode.

Each stream 34 corresponds to creation of a transponder component 36identified by a Packet IDentifier PID at the output from MUX module 12.

According to one variant embodiment, by default, the B-SAS module 4 onlycreates one stream 34. A second stream 34 will be created if the numberof channels for the operator exceeds 8 (maximum number of channelsmultiplexed on the same EMM stream). The pass band is negotiated betweenthe EMM generator 30 and the MUX multiplexing module 12 at theinitiative of the generator 30 for each stream 34.

Management of Sending EMMs

EMMs are prepared for broadcasting to the multiplexer 12 in two steps.The first step consists of encapsulating EMMs in an MPEG2 payload unit,the second step consists of building up MPEG2 TS transport packets to besent to the MUX(s) 12.

Encapsulation in MPEG2 Payload Unit

MPEG payload units obtained by encapsulation comprise at least thefollowing private information:

-   -   EMM_XID representing the EMM identifier;    -   LG_EMM representing the length of the EMM, and    -   the contents of the EMM.

The encapsulation rules are as follows:

-   -   ### One and only one EMM per payload unit,    -   ### One or several chained payload units per EMM.

The B-SAS module 10 makes up MPEG TS packets with a fixed size (188bytes, including the header). Therefore the MPEG2 payload units arelocated within the packet or overlap on two or more than two packets.

A TS packet respects the format diagrammatically shown in FIG. 4 inaccordance with the ISO/IEC 13818-1 standard “Generic coding of movingpictures and associated audio information: Systems”. This packetcomprises a first Sync synchronisation field 40 comprising eight bits, aheader (ent) 42, a pointer “ptr” 44 and a block 46 containing usefuldata (DATA).

The header 42 comprises:

-   -   a transport error indicator bit (transport_error-indicator);    -   a payload start indicator bit in the packet        (payload_unit_start_indicator);    -   a transport priority indicator bit (transport priority);    -   a block of thirteen bits representing the packet identifier PID;    -   two scrambling control bits;    -   two adaptation field control bits;    -   two continuity index bits.

The payload_unit_start_indicator bit indicates if a payload unit startsin the packet. If it does, this bit is equal to 1 and the “ptr” field isdefined and it contains the rank of the beginning of the payload unit inthe useful data 46.

If not, the payload unit_start_indicator bit is equal to 0 and the “ptr”field does not exist. This is the case of one payload unit out of morethan 2 packets or a partially filled packet.

Exchanges Between the B-SAS Module 10 and Other Equipment

The needs of the different players acting on the equipment are expressedto the BSAS module 10 through a trigger event that may be a messagetransiting on interfaces of the sender/BSAS equipment, or for examplerequests originating from an operator.

Needs of the First SAS Equipment 16 Sending an EMM

The first SAS equipment 16 sends EMM messages to be broadcast to adecoder 8, to the B-SAS module 10. This communication is made through arequest in which the first SAS equipment 16 specifies methods ofbroadcasting the EMM, and particularly the transmission model to be usedand the transmission start and end dates. The B-SAS module 10 builds upand organises sending EMMs on the logical channels specified by thetransmission model, and as a function of the broadcast dates on whichtime offsets can be applied.

Replace an EMM

The SAS equipment 16 may need to optimise broadcasting of EMMs to theB-SAS module 10. In this case, the first SAS equipment 16 replaces oneEMM in broadcasting, by another EMM specifying a more completepopulation. The first SAS equipment 16 requests the B-SAS module 10 toreplace one EMM by another in the broadcast.

Cancel Sending an EMM

The fist SAS equipment 16 may also request the B-SAS 10 to immediatelycancel an EMM, in the routine broadcast.

Needs of the Second STB-MS Equipment 18

The STB-MS manages the set of terminals belonging to one or severaloperators. Consequently, this equipment may request the B-SAS 10 to sendor replace EMMs addressed to terminals, or to cancel sending EMMs.

Send an EMM

EMMs addressed to the terminal are provided to the B-SAS module 10through an STB-MS/BSAS interface message. This message and theassociated processing are identical to those used for the first SASequipment 16.

Replace an EMM

The STB-MS equipment 18, like the first SAS equipment 16, may need tooptimise broadcasting of its EMMs and consequently use the same commandas the first SAS equipment 16. The STB-MS equipment 18 also enables SMSequipment 2 to define and maintain the characteristics of subscriberterminals.

Cancel Sending an EMM

Similarly, the second STB-MS equipment 18 may request the B-SAS module10 to cancel an EMM in the routine broadcast.

Needs of the DECODER

The terminal receives EMM streams sent by the different B-SAS modules10. These EMMs are provided by the different items of equipmentconnected to the B-SAS module 10, namely the SAS(s) 16 and the STB-MS(s)18 and are sent either to the security processor, to one or severalsecurity processors or one or several terminals.

Reception of the Logical Channel Description

The terminal must be able to extract management messages concerning itfrom the signal. To achieve this function, the B-SAS module 10communicates the description and methods of broadcasting the differentlogical channels making up the stream, on the control channel.

Reception of EMMs Sent by the B-SAS Module 10

The terminal must be able to extract all management messages concerningit from a logical channel, and if necessary reconstruct them in the caseof EMMs chained on several payload units. Moreover, some terminalcomponents such as demultiplexers, impose broadcasting constraintsparticularly on the number of EMMs broadcast for a single securityprocessor within defined time periods.

The B-SAS module 10 takes account of these constraints by applying arandom EMM broadcasting algorithm, respecting MPEG constraints forbreakdown into payload units.

1-16. (canceled)
 17. A method for transmitting entitlement managementmessages (EMM) controlling access to data and/or services to be providedto a plurality of terminals in a data exchange network, the methodcomprising: at transmission: defining a set of EMM type messages as afunction of at least one criterion representative of a type of dataand/or services provided; defining a plurality of types of logicaltransmission channels and associating at least one parameter to eachtype of channel to inform terminals of the EMM types transmitting oneach described logical channel; assigning at least one channel among thedefined logical transmission channels, to each EMM message type;transmitting the parameter and the logical channels to each terminal;multiplexing the logical transmission channels in a same data stream;and transmitting the data stream to terminals; and at reception: eachterminal filtering incoming EMMs as a function of the parameter and atleast one state parameter depending on a routine operation of theterminal.
 18. A method according to claim 17, wherein the parameter istransmitted to each terminal in a dynamic data structure representing alogical control channel.
 19. A method according to claim 19, wherein thedynamic data structure is transmitted in an encrypted EMM.
 20. A methodaccording to claim 19, wherein the dynamic structure comprises at leastone of following fields: a first field configured to enable the terminalto identify the logical channel described by structure; a second fieldconfigured to inform the terminal about a change to data and/or a changeto a dynamic structure corresponding to transmission of new data on thedescribed channel such that the terminal adapts its filtering toretrieve the new data; and a third field configured to inform theterminal about a listen time on the described channel.
 21. A methodaccording to claim 20, wherein the third field represents a minimumfixed duration sufficiently long to enable the terminal to retrieve thetransmitted messages.
 22. A method according to claim 20, wherein thethird field represents a minimum variable duration, as a function of arepetition rate at which EMM messages are sent.
 23. A method accordingto claim 22, wherein the types of defined logical channels comprise atleast: a FAST channel configured to transmit EMM messages to terminalsthat expressly requested the EMM messages; a DEDICATED channelconfigured to transmit EMM messages with identical functionalobjectives; a NORMAL channel configured to transmit EMM messages forwhich contents are not predictable and may not be delayed in time; aDELAYED channel configured to transmit non-urgent EMM messages withplural functional objectives, to terminals; and a LOAD SHEDDING channelconfigured to retransmit messages that have already been transmitted ona channel other than the DEDICATED channel, to terminals.
 24. A methodaccording to claim 23, wherein a minimum variable duration for the FAST,NORMAL, DELAYED, and DEDICATED channels is estimated as a function ofthe repetition rate at which EMM messages are sent.
 25. A methodaccording to claim 17, wherein the data and/or services provided toterminals represent multimedia programs.
 26. A method according to claim25, wherein the data and/or services provided to terminals representaudiovisual programs.
 27. A method according to claim 17, wherein theEMM messages are transmitted in broadcast mode.
 28. A method accordingto claim 17, wherein the EMM messages are transmitted in connected mode.29. A method according to claim 27, wherein the EMM messages areencapsulated in MPEG format.
 30. A method according to claim 28, whereinthe EMM messages are encapsulated in MPEG format.
 31. A method accordingto claim 29, wherein the MPEG payload units obtained contain at leastprivate information including: EMM_XID representing an identifier of theEMM; LG_EMM representing a length of the EMM; and contents of the EMM.32. A method according to claim 30, wherein the MPEG payload unitsobtained contain at least private information including: EMM_XIDrepresenting an identifier of the EMM; LG_EMM representing a length ofthe EMM; and contents of the EMM.
 33. A device for transmittingentitlement management messages controlling access to data and/orservices to be provided to a plurality of terminals in a data exchangenetwork, comprising: means for defining a set of EMM type messages as afunction of at least one criterion representative of a type of dataand/or services provided; means for defining plural types of logicaltransmission channels as a function of contents to be transmitted oneach channel; means for assigning a logical transmission channel to eachEMM message type; means for multiplexing the logical transmissionchannels in a same data stream; means for transmitting the data streamto terminals; and means for filtering incoming EMMs into a terminal, asa function of defined channel types.
 34. A device according to claim 33,further comprising: means for associating at least one parameter to eachchannel type, to inform terminals about EMM types transmitting on eachof the described logical channels; means for transmitting the parameterto each terminal; and means for enabling each terminal to filterincoming EMMs as a function of the parameter, and at least one statusparameter reflecting a routine operation of the terminal.